16527c8124
Client explicitly refuses to accept change cipher spec if no or NULL cipher was proposed now
2016-08-17 09:32:43 +02:00
69e6b775f8
Hello requests are no longer included in the handshake hashing (as per RFC)
2016-08-17 09:29:55 +02:00
c69316071f
Support for encrypted change cipher spec messages added
2016-08-17 09:26:46 +02:00
a02d1e7094
Explicit checks on server certificate chain added:
...
- Certificate can not be self-signed: Cannot check trust against configured root CAs when server certificate is self-signed
- Server can provide full certificate chain up-to and including root CA. Importing root CA to the store for certificate chain validation would implicitly trust this certificate chain. Thus, we skip all self-signed certificates on import.
2016-08-17 09:22:38 +02:00
078636eb14
make_change_chiper_spec() removed as this message can simply be created using make_message()
2016-08-17 09:09:42 +02:00
cabae26e0b
Flags describing handshake messages received assembled in a boolean table of flags
2016-08-17 09:01:11 +02:00
7376693838
Additional constants
2016-08-17 08:34:25 +02:00
a5b3914a09
Comments and some minor clean-up
2016-08-16 22:27:30 +02:00
00dd1277c5
Switched to the new key import method, as the old one had issues with PROV_RSA_AES crystallographic provider
2016-08-16 16:55:18 +02:00
e9839706b6
TLS clean-up
2016-08-16 16:44:19 +02:00
f5b03bc0bf
Annotation update
2016-08-16 10:39:42 +02:00
db27355e46
Some last compiler warnings resolved
2016-08-16 00:58:22 +02:00
85d7c3d4ec
Support for TLS 1.2 added
2016-08-16 00:47:47 +02:00
d68fd6ce08
Support for TLS 1.1 finished
2016-08-15 22:49:45 +02:00
82e910fea4
Late pad-checking added to prevent [Canvel, B] attack
2016-08-15 22:48:08 +02:00
de802b7a28
Byte-enums redefined & code clean-up
2016-08-15 21:01:38 +02:00
67fe27f6fd
Support for stream ciphers added
2016-08-15 19:04:56 +02:00
c8cfe4da42
TLS version no longer static, thou still fixed to TLS 1.0
2016-08-15 19:04:21 +02:00
d8ccf7cbc0
Credential management revised
2016-08-15 17:33:10 +02:00
e34d2ba275
Prefast declaration update
2016-08-15 15:10:42 +02:00
3d6849a523
Peer correctly returns providers configuration instead of method configuration in method_tls::get_result()
2016-08-15 14:13:14 +02:00
e807336e7b
The TLS phase can be determined from flags alone, therefore m_phase member eliminated
2016-08-15 10:40:27 +02:00
95426cde7c
Clean-up
2016-08-15 10:09:01 +02:00
99aa53726d
- PPP authentication EAP response packet is correctly formed now
...
- MS-MPPE-Send-Key/MS-MPPE-Recv-Key sorted out
2016-08-14 21:04:19 +02:00
95e2f7e01b
Encryption/decryption revised
...
- Number of memory copying reduced
- HMAC verification of server packets added
- Handshake hashing simplified
2016-08-14 18:51:18 +02:00
735d669887
Check for "change cipher spec" before server "finished" message added
2016-08-14 16:32:28 +02:00
a8db309a76
Wrong HMAC byte order issue fixed
2016-08-14 16:31:38 +02:00
7b94f01aa7
method_tls::create_key() optimization
2016-08-14 16:31:07 +02:00
12beee54ad
Ambiguous variable name changed
2016-08-14 16:24:07 +02:00
f9c5f608d0
Fixed missing server handshake message hashing
2016-08-14 14:03:12 +02:00
4982fc1a9a
Ambiguous logical expression equipped with parentheses
2016-08-14 14:01:20 +02:00
e7e8a88f32
Initialization of eap::tls_conn_state introduced
2016-08-14 13:59:54 +02:00
9a2663eb18
Non TLS1PRF case fixed in method_tls::prf()
2016-08-14 13:31:39 +02:00
940def31e6
Unused tls_conn_state member removed
2016-08-14 13:29:51 +02:00
47653492a2
Session key importing honours MSDN recommendation about exponent-one key usage
2016-08-14 12:44:49 +02:00
d1925a0704
method_tls::prf() simplified
2016-08-14 12:41:19 +02:00
ae37c9aa6c
TLS and TTLS distinction
2016-08-13 18:55:33 +02:00
cbda758178
MS-MPPE-Send-Key and MS-MPPE-Recv-Key are swapped now
2016-08-13 18:52:20 +02:00
04444eb99d
Encrypted pre-master secret byte order is correct now
2016-08-13 18:51:14 +02:00
b7b45ea64c
Cipher block length is correctly translated from bits to bytes now
2016-08-13 18:50:09 +02:00
4528f2d1fc
Simplification
2016-08-13 18:48:56 +02:00
eb918f3141
Processing of vendor specific TLS messages introduced
2016-08-13 18:48:02 +02:00
c749753c68
State constants renamed more systematically
2016-08-13 18:45:40 +02:00
9f92a73aa1
make_handshake() renamed to make_message() and made more general
2016-08-13 18:42:52 +02:00
6d54d45512
Pre-master secret encryption moved to make_client_key_exchange()
2016-08-13 18:39:22 +02:00
9498e8c9a9
Fixed issue occurred after careless eap::tls_random::time elimination
2016-08-13 18:32:40 +02:00
534f6f6d7d
tls_conn_state is class now
2016-08-13 08:09:47 +02:00
c7a41d891a
TLS work continues...
2016-08-12 21:09:50 +02:00
a8c306953a
TLS work continues...
2016-08-11 15:13:50 +02:00
77fe6b1bed
TLS connection state moved from eap::method_tls to eap::method_tls::conn_state to make reusable later
2016-08-11 12:00:38 +02:00
